CVE-2008-2511

Exploit

EPSS 4.7%
Published 02.06.2008 21:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method.  NOTE: this can be leveraged for code execution by writing to a Startup folder.  NOTE: some of these details are obtained from third party information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Ca ≫ Internet Security Suite Plus 2008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.7%	0.889

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://retrogod.altervista.org/9sg_CA_poc.html

Exploit

http://secunia.com/advisories/30420

Vendor Advisory

http://www.securityfocus.com/archive/1/492679/100/0/threaded

http://www.securitytracker.com/id?1020129

http://www.vupen.com/english/advisories/2008/1696/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42712

https://www.exploit-db.com/exploits/5682

https://nvd.nist.gov/vuln/detail/CVE-2008-2511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2511

EUVD